Hello everyone. Today we are sharing the next part of the publication "Virtual file systems in Linux: why are they needed and how do they work?" The first part is also available to read.
How to monitor VFS using eBPF and bcc tools
The easiest way to understand how the kernel operates on sysfs files is to watch it in action, and the easiest way to watch it on ARM64 is to use eBPF. eBPF (short for Berkeley Packet Filter) consists of a virtual machine that runs in the kernel and can be queried (query) from the command line. The kernel source tells the reader what the kernel can do; running eBPF tools on a booted system shows what the kernel is actually doing.
Fortunately, getting started with eBPF is quite easy with the help of the bcc tools. They are Python scripts with small inserts of C code, which means that anyone familiar with both languages can easily modify them. There are 80 Python scripts in bcc/tools, so it is very likely that a developer or system administrator will be able to pick one suited to the problem at hand.
To get at least a rough idea of the work VFS does on a running system, try vfscount or vfsstat. They show, for example, that dozens of calls to vfs_open() and its friends occur literally every second.
vfsstat.py is a Python script with inserted C code that simply counts VFS function calls.
Let's take a simpler example and see what happens when we insert a USB flash drive into the computer and the system detects it.
With eBPF you can see what happens in /sys when a USB flash drive is inserted. A simple example and a complex example are shown here.
In the example shown above, the bcc tool reports calls to sysfs_create_files(). We can see that sysfs_create_files() was started by a kworker thread in response to the flash drive being inserted, but which file was created? The second example shows the power of eBPF. Here trace.py prints the kernel backtrace (the -K option) and the name of the file created by sysfs_create_files(). The inserted single statement is C code containing an easily recognizable format string; the Python script hands it to the LLVM just-in-time compiler, which compiles this line and executes it in a virtual machine inside the kernel. The full signature of the sysfs_create_files() function has to be reproduced in the second command so that the format string can refer to one of the parameters. Errors in this piece of C code produce recognizable errors from the C compiler. For example, if the -l parameter is omitted, you will see "Failed to compile BPF text." Developers familiar with C and Python will find the bcc tools easy to extend and modify.
When the USB drive is inserted, the kernel backtrace shows that PID 7711 is a kworker thread that created a file named "events" in sysfs. Accordingly, a call with sysfs_remove_files() shows that removing the drive deletes the events file, which matches the general concept of reference counting. Watching sysfs_create_link() with eBPF at the same time, during insertion of the USB drive, shows that at least 48 symbolic links are created.
So what is the events file for? Through disk_add_events(), either "media_change" or "eject_request" can be written to the events file. Here the kernel block layer notifies user space that the "disk" has appeared and been ejected. Note how informative this way of investigating the insertion of a USB drive is compared with trying to work out how things function purely from the source.
Read-only root file systems make embedded devices possible
Of course, nobody shuts down a server or their computer by pulling the plug out of the socket. Why not? Because file systems mounted on physical storage devices may have delayed writes, and the data structures that record their state may not be synchronized with what has been written to storage. When this happens, the system owner has to wait at the next boot for the fsck filesystem-recovery utility to run, and in the worst case data may be lost.
However, everyone knows that many IoT devices, routers, thermostats and cars now run Linux. Many of these devices have little or no user interface, and there is no way to shut them down "cleanly". Imagine starting a car with a dead battery while power is being supplied to the control unit. How does the system boot without fsck once the engine finally starts? The answer is simple: embedded devices rely on a root file system that is ro-rootfs (a read-only root file system).
ro-rootfs offers many advantages that are less obvious than incorruptibility. One advantage is that malware cannot write to /usr or /lib if no Linux process can write there. Another is that a largely immutable file system is important for field support of remote devices, because support staff rely on local systems that are nominally identical to the systems in the field. Perhaps the most important (but also the most subtle) advantage is that ro-rootfs forces developers to decide at the system design stage which system objects will be immutable. Working with ro-rootfs can be awkward and tedious, as const variables in programming languages often are, but the benefits easily justify the extra overhead.
Creating a read-only rootfs requires additional effort from embedded developers, and this is where VFS comes in. Linux requires files in /var to be writable, and in addition many common applications that run on embedded systems try to create configuration dot-files in $HOME. One solution for configuration files in the home directory is usually to generate them in advance and build them into the rootfs. For /var, one possible approach is to mount it on a separate writable partition while / itself is mounted read-only. Another common method is to use bind mounts or overlay mounts.
Bind and overlay mounts, and their use by containers
Running man mount is the best way to learn about bind mounts and overlay mounts, which let developers and system administrators create a file system at one path and then expose it to applications at another path. For embedded systems this means that the files in /var can be stored on a read-only flash drive, while an overlay or bind mount of a path in tmpfs onto /var at boot lets applications write notes there (scribble). The next time the device is powered on, the changes in /var will be lost. An overlay mount unites tmpfs with the underlying file system and allows apparent changes to existing files in the ro-rootfs, whereas a bind mount can make new, empty tmpfs folders appear as writable at ro-rootfs paths. While overlayfs is a proper file system type, bind mounts are implemented as follows.
Given the description of overlay and bind mounts, no one will be surprised that containers rely on them. We can watch this with mountsnoop from bcc.
The system-nspawn call starts the container while mountsnoop.py is running.
Let's see what happened:
Running mountsnoop while the container is booting shows that the container runtime relies heavily on bind mounts (only the beginning of the long output is shown).
Here systemd-nspawn provides selected files from the host's procfs and sysfs to the container as paths in its rootfs. Besides the MS_BIND flag, which sets up a bind mount, several other flags in the mount define the relationship between changes in the host's namespace and the container's namespace. For example, a bind mount can either propagate changes in /proc and /sys to the container or hide them, depending on the call.
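An added example (not from the original article): a small Python audit of a mountinfo table for the read-only rootfs layout and the bind and overlay mounts described above. The sample table, the PROTECTED policy and the function names are constructed for illustration.

```python
# Added example: constructed /proc/self/mountinfo sample, not from a real device.
SAMPLE_MOUNTINFO = """\
21 1 179:2 / / ro,relatime shared:1 - ext4 /dev/mmcblk0p2 ro
22 21 0:20 / /proc rw,nosuid,nodev,noexec - proc proc rw
23 21 0:21 / /sys rw,nosuid,nodev,noexec - sysfs sysfs rw
24 21 0:22 / /run rw,nosuid,nodev - tmpfs tmpfs rw,mode=755
25 21 0:22 /var /var rw,nosuid,nodev - tmpfs tmpfs rw,mode=755
26 21 0:30 / /etc rw,relatime - overlay overlay rw,lowerdir=/etc,upperdir=/run/up,workdir=/run/wk
27 21 179:3 / /usr rw,relatime - ext4 /dev/mmcblk0p3 rw
"""

# Paths that should stay read-only on an ro-rootfs device (assumed policy).
PROTECTED = ("/", "/usr", "/lib")


def parse_mountinfo(text):
    """Yield one dict per mount; optional fields end at the ' - ' separator."""
    for line in text.splitlines():
        if not line.strip():
            continue
        left, right = line.split(" - ", 1)
        pre = left.split()
        fstype, source, _ = right.split(" ", 2)
        yield {
            "root": pre[3],                     # subtree of the filesystem mounted here
            "mountpoint": pre[4],
            "options": set(pre[5].split(",")),  # per-mount options: ro/rw, nosuid, ...
            "fstype": fstype,
            "source": source,
        }


def audit(text):
    """Return (writable protected mount points, {mount point: (kind, fstype)})."""
    findings, layout = [], {}
    for m in parse_mountinfo(text):
        if m["fstype"] == "overlay":
            kind = "overlay"
        elif m["root"] != "/":
            kind = "bind"   # heuristic: only a subtree of the source fs is visible
        else:
            kind = "plain"
        layout[m["mountpoint"]] = (kind, m["fstype"])
        if m["mountpoint"] in PROTECTED and "ro" not in m["options"]:
            findings.append(m["mountpoint"])
    return findings, layout


if __name__ == "__main__":
    print(audit(SAMPLE_MOUNTINFO))
```

On a live system the same functions can be fed the contents of /proc/self/mountinfo; the bind classification is a heuristic, since btrfs subvolumes also show a root other than "/".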
Summary
Understanding the internals of Linux can seem like an impossible task: the kernel itself contains a huge amount of code, leaving aside Linux user-space applications and the system-call interfaces of C libraries such as glibc. One way to make progress is to read the source code of one kernel subsystem, with an emphasis on understanding the system calls and headers that face user space, as well as the main internal kernel interfaces such as the file_operations table. File operations provide the "everything is a file" principle, which makes managing them particularly satisfying. The C kernel source files in the top-level fs/ directory are the implementation of the virtual file systems, a wrapper layer that provides broad and relatively simple compatibility between common file systems and storage devices. Bind and overlay mounts via Linux namespaces are the VFS magic that makes read-only containers and root file systems possible. Combined with studying the source code, the eBPF kernel facility and its bcc interface make exploring the kernel easier than ever.
Source: habr.com